I was embarrassingly proven wrong, and I’m sitting here loving every second of it. As you remember, I was on stage in Berlin a few years ago telling people I felt we had lost the war defending privacy. It now appears we may be able to hold on to a little bit of ground, at least temporarily. I sincerely apologize, for it seems as if I have indeed given up just a bit too early.

As luck would have it, I think the widely publicized notion of hackers being this straightforward about the state of affairs scared the living daylights out of people and may have actually had a significant strategic effect. And for the record I still disagree with some of the people approaching me afterwards that claimed that one could simply never say such things, whether they were true or not.

Many of you know I’m quite the skeptic when it comes to the notion of privacy. Who can expect such a thing while all our physical movements, payments as well all our spoken and written thoughts are being tracked? I’m not sure where and how I am supposed to have privacy between mandatory data-retention, license plate recognition, public transit RFID cards, biometric passports, electronic files on the development of every child until the age of 35 (!), the wholesale erosion of medical secrecy, massive growth in camera observation and a system of laws that give government broad access to just about any piece of information held on all its citizens?

But even a long-term privacy-pessimist as myself now has to recognize that in this rising sea of privacy-intrusions, the citizens of one country seem to be raising and maintaining at least some of their defenses. And while that metaphor clearly shows my national origin, it is unfortunately not my own country where people are successfully defending themselves.

The German federal constitutional court, the Bundesverfassungsgericht, has nullified a state law that would have allowed broad introduction of government sanctioned spyware. And, even more importantly, in its ruling (here’s a shorter press release) the court has created a much broader fundamental constitutional protection. They have acknowledged the concept that our lives now extend into the technology we use and stated that our lives in this new space are just as worthy of constitutional protection as our lives in any of the other places where we live. In Germany, the concept of a constitutionally protected ‘most inner private sphere’ now clearly extends to our homes in the digital world.

The future of a proposed federal equivalent to this now-nullified state law is uncertain, and the wording of this new concept also sheds strong doubts on whether the proposed data-rentention laws will be ruled constitutional. (A ruling on this is still outstanding.)

It would of course have been even nicer if the Germans had actually managed to elect a government that didn’t attempt to trample their most basic rights to begin with. But then constitutions are there as a safety-net for precisely this eventuality. They are written because the framers realized that when it comes to governments, shit (such as in the form of oppressive laws) sometimes happens.

So the people of Germany seem to be successfully defending themselves against their government. What’s wrong with the rest of the world? There have been plenty efforts in many other countries to defend the notion of privacy, but the Germans have simply been provided with better and sharper tools for defending themselves. Their sharpest tool by far is this federal constitutional court. Without it, I fear Germany would have long been in the same sorry state as my own country. I hope all Germans realize that the judges and support staff that make up this court are the one single thing that stands between today’s Germany and a police state.

So what does this teach us if we don’t live in Germany? It shows that one needs a constitution that defines which core values are important and a legal system that interprets what these values mean with regard to new developments. Also, the legal system needs to allow for common laws to be challenged based on the constitution. It’s probably very hard to get such a strong constitution out of the blue. It takes some very serious accidents in your history to show what happens if the wrong people get to power.

Take my country, The Netherlands, for example. It has a constitution that, in practice, is mostly meaningless. Yes, we have a right to communications secrecy. But our constitution has a habit of saying things along the lines of “government shall not … unless warranted by law”. Most of you will recognize that the whole purpose of a constitution should not be to have some nice hollow phrases to point to, but to regulate what ordinary laws can and cannot say. Coupled with the legal impossibility of challenging laws as being unconstitutional (!), the Dutch have clearly taken a wrong turn way back in the past. Most simply put, the framers of the dutch legal system have assumed that shit would not happen. That parliament and government could never really want truly wrong things.

I congratulate the German constitutional court on taking a determined step back from the abyss. I sincerely hope it also takes the logical next step and completely and utterly destroys data retention such that it is so dead that it will never rise from its much spitted on grave. But after all the much-deserved partying, the Germans need to realize that they’re not done. They still need to eradicate the root cause of the problem. After all: when your very last defense – the constitutional court – has to save you from oppression like this, you damn well better hurry and replace the politicians that got you into this mess in the first place. Either you get rid of them, or they start the tediously slow process of eroding the power of the court. (Which accidentally is a simplification of what happened to constitutional protection in the US over the past decades.)

If the Germans don’t act to cherish and preserve this new right, it will be mostly meaningless. After all, until the broader population understands and defends what has been given to them, it is nothing but a ruling written by some older judges, acting against the elected government in an attempt to uphold higher principles. This new constitutional principle needs to be cemented into the legal practice and into the minds of the people.

Given how incredibly alone Germany seems to be in defending these principles, the defense of German freedom has long become important to non-Germans as well. At this point in time, I think it makes much more sense for me to defend the real and defended notion of privacy in Germany than fight the eternal uphill battle of trying to re-introduce this profoundly lost concept in The Netherlands. I will start donating money and helping out accordingly, and I call on anyone reading this to do the same. I’ve donated to Foebud e.V., but Stiftung Bridge and Arbeitskreis Vorratsdatenspeicherung appear to be equally responsible and active recipients. Check out their websites and use the comments if you feel I’ve left out worthy causes.

If you like listening to radio (I personally like reading a lot better than listening), you might like the recent Chaosradio episode about the ‘we lost the war’ theme. Warning: it’s in German (and sometimes even in southern German) and includes optimism, pessimism, strange callers and what not.Link

After the speech in December my friend Karin Spaink, who was in the audience, stood up and delivered some criticism to what we had said. Our speech, she said, contained way too many undifferentiated references to ‘them’, and ‘they’. And she was right: we should have talked about this ‘them’ issue a bit more.

I’m not much of a conspiracy nut, and I normally make the point myself that I do not believe in ‘a secret world government’ or anything like that. I know there is way to much incompetence and infighting behind the scenes to come up with something that homogenous. As they say: “Never attribute to malice that which can be adequately explained by stupidity.”

That said: I do believe there are changing groups of right-wing control freaks in every government, and I do believe that at least some of them were smart enough to have secretly coordinated plans for repressive legislation ready to be voted on as soon as the shit hit the fan. I mean: to assume all of the thinking, writing and coordinating started happening after 9/11 is nuts given how smooth it all went.

Now there’s nothing wrong with admitting that we were outsmarted. We (an undifferentiated kind of ‘we’, meaning everyone that cares about democracy) should have had our own plan B for when something like 9/11 happened, and we didn’t. Now the laws are there, they will increasingly be applied to non-muslim non-terrorists, and getting them repealed is going to be hard.

But two can play this game. I suggest legally-inclined lovers of democracy spend some time planning for a time in the not too distant future when some of this repression becomes highly controversial. Maybe some scandal that involves torture and secret prisons which, unlike the present scandals involving torture and secret prisons, manages to really upset some huge percentage of the population. If that happens, we should have all the currently unthinkable laws and motions ready for our respective parliaments to sign before the momentum is lost again.

After our ‘We lost the war’ lecture, I was part of a smaller group that stood around and discussed what we had just been talking about. One of the people there was Rena Tangens, a longtime privacy activist from Bielefeld whose work I much admire. And while she said that she agreed with a lot of our analysis, she just could not get over the ‘we have lost the war’ theme. She claimed that by titling our talk the way we did, we called on people to accept their fate, effectively working against the efforts of those that still fight for privacy. Others echoed the same sentiment, and over the days that followed, more than one person said “Even when it is true, you probably shouldn’t be saying it”.

Now I don’t buy that. I don’t believe in political activism that depends on a mass of people that are not told the truth, or in an activist leadership that limits access to truthful analysis when they feel it will negatively affect the commoner’s ability to rally for the cause. And even if I did believe in that, I think the hacker community is a little too smart for that anyway.

It is time we acknowledge that the war for privacy has been essentially lost, and that all remaining fights, worthwhile or not, are over minimal delays in the implementation of the various mechanisms of control. Maybe there was once a window of opportunity where we could have affected enough of the public opinion to make a difference. But this window is gone, the technologies have been built, and they will be used. Even if we got a majority of the population in a majority of the countries on earth to care starting today, it would not be enough.

And we need to say this, because it was really our point from the beginning: these technologies are so powerful that once they are built, no amount of regulations will hinder their use for the benefit of whoever is in power. If you place cameras and license plate recognition capability above all the roads for a system to tax trucks, the system will be used to keep track of all vehicles a few years later, no matter how hard the politicians promised that that won’t happen.

Being in charge of a country can lead to significant paranoia. And it is this paranoia that nameless control-freak bureaucrats feed on. A healthy society would just tell its leadership to get over it. But in societies where the population itself is spiraling into an ever deeper fear-based psychosis, this is not likely to happen. And so by allowing the leadership to see more and more of the evil things that some subset of the population is doing, the bureaucrats are offering the crack pipe: the bright glow of ‘secret intelligence’ will ease the worries. But only for a very short time, after which they’ll just get more frightened of all the things they might not know.

Unless you believe in the upcoming arrival of the intergalactic cavalry, I think you have to accept that privacy is gone, and that it will not come back in any foreseeable future. Nameless people mining and evaluating historical and live data from our call records, our internet activity, our bank records, all our logistics and our personal whereabouts will de-facto be in power for the short and medium term. As for the long term: I’m not sure. But I do know that the type of semi-clandestine grassroots movement that has always been needed to overthrow a government is far more difficult to set up than it has ever been.

Most people don’t know their history. And even if they know the basic facts, they may not truly grasp the extent to which humans have stayed the same throughout the ages. Hence when something happens in the world, large crowds jump up and down, claiming this or that development is totally new. People that do know about history usually yawn at such enthusiasm. They know that the world is a pretty big place and that humans have been building societies for a pretty long time. In some circles, merely to claim some development is without precedent can be enough to be labeled as thoroughly unsophisticated.

And yet I still believe the extent to which governments will soon be able to snoop on their citizens is unprecedented.

The 20th century saw a few attempts at creating the all-seeing state. The former DDR, the former USSR: they’ve tried to see what every citizen is doing, sometimes at a level of detail that makes us laugh when we read accounts of their efforts. The cost and labour involved in such an effort made it not worthwhile for anything but the most determined police states, and even for them it didn’t work in the end. The 20th century also saw widespread fear of such a state (best embodied in George Orwell’s 1984) come and go.

But where I live, all the tools needed to create the all-seeing state are being installed here and now. Even though my present government doesn’t look like the evil police state that I thought would come first, it is nonetheless its clear and even stated aim to create a world where no movement of ideas, people, vehicles, money or goods happens without that fact entering a police-searchable database. This year we will be getting personalized chipcards to be able to use public transport. There are already cameras to see license plates, cameras for the police to watch entire neighborhoods and soon everything I do online will also enter a database.

The Netherlands may be pioneering some of these developments, but similar things are happening all over the world. Given how intimidating all of this feels to me, I can only begin to imagine what it must feel like to the inhabitants of Myanmar/Burma, Belorus or any other true totalitarian dictatorship.

This december, my longtime friend Frank Rieger and yours truly did a lecture at the Chaos Communication Congress in Berlin. Under the provocative flag ‘We lost the war’ we gave people our perspective on some current developments and most notably what we feel is the bleak future of privacy. We talked about how we got here, where we felt it was all headed, and then spent most of our time presenting some ideas on how we thought hackers could still be relevant in such a future. It was a pretty grim picture, all in all, and a lot of people in the audience weren’t smiling. But it did get a debate going. People were still talking about how much they agreed or disagreed with us when the congress ended three days later.

This blog finally happened because I feel like writing more about what it was that we tried to say because not all of it was eloquently put. It still very much being a work in progress. I’ll probably also respond to some of the criticism to our story as well as expand on some of the thoughts we have been having as a result of it.

But most defintely not everything on my new blog will be this depressing doomsday stuff. The lighter side of me likes to play with technology a lot. I like hacking stuff that relates to cryptography, mobile devices, GPS tracking, linux on small devices, mesh networking and more. Some of the stuff I build and built has it’s own site and all, but I probably will not be able to refrain myself from writing about it here too. I am also likely to blog about cool, shocking and/or interesting things I find elsewhere every once in a while.

My family, my friends and even a lot of the people I meet are simply amazing. To me anyway. So I’ll also bore you with portraits of friends, pictures of my new hairdos, ponderings about the ups and downs of watching my kids grow up and detailed accounts of me and my friends getting in all sorts of interesting trouble. Who knows.